BuddyPress.org

Opened 13 years ago

Closed 13 years ago

Last modified 12 years ago

#3310 closed defect (bug) (worksforme)

Nonce Checks Failing for Private Groups

Reported by: Iridox
Owned by:
Milestone: 1.5
Priority: normal
Severity: normal
Version:
Component: Groups
Keywords:
Cc:

Description

Running BuddyPress 1.2.8 on WordPress 3.1.4.

Expected behavior: Clicking an action, such as accepting a join request or promoting a member to admin status, completes successfully.

The Result: Nonce check fails and WordPress returns a "Failure Notice" with a "try again" link.

I can reproduce this on a completely fresh copy of WordPress and BuddyPress (same versions as above).

When I removed the check_admin_referer() calls in bp-groups.php, expected behavior resumed, but I assume I just killed the security feature entirely.

Change History (6)

#1 @DJPaul
13 years ago

I just tested promoting a group member to admin and accepting a group invitation on a totally clean install with those versions, and it worked for me.

#2 @Iridox
13 years ago

Not sure if this would make a difference or not, but the test server runs on NGINX, not Apache.

#3 @johnjamesjacoby
13 years ago

  • Keywords changed from nonce, security to nonce security
  • Severity set to normal

Are you able to switch to BuddyPress trunk and duplicate this issue in your setup?

#4 @boonebgorges
13 years ago

  • Keywords nonce security removed
  • Resolution set to worksforme
  • Status changed from new to closed

These actions are working fine for me on the latest BP trunk. If you can reproduce them with BP trunk, please reopen the ticket.

#5 @johnjamesjacoby
13 years ago

  • Milestone changed from Awaiting Review to 1.5
  • Version 1.2.8 deleted

Moving closed ticket out of Awaiting Review.

#6 @cnorris23
12 years ago

For posterity, see #4161 for a possible fix
